Meaning of Digital Signing
A digital signature is like an online version of your handwritten signature. It uses encryption to prove that a digital file, like a document or macro, is real and hasn't been changed.
When you sign an Excel macro digitally, it shows that no one has tampered with it since it was signed.
To do this, you need a code signing certificate. It includes a public key (to verify the signature) and a private key (to create it). Trusted companies like DigiCert, Sectigo, or Comodo issue these certificates.
Why Digitally Sign Excel Macros?
Creating a secure and trustworthy setup is where digital signatures in Excel macros become important. They help stop others from changing your code, which keeps it safe and reliable.
VBA (Visual Basic for Applications) lets Excel macros automate tasks, but that power can be risky if misused.
By digitally signing your macros, you give users a warning when something might be unsafe or has been changed. This helps prevent damage or lets users know if something has gone wrong. Here's why it's a good idea to sign your Excel macros:
Digital Signing Preparation
Before you start digitally signing your Excel macro project, some prior steps must be undertaken. This includes acquiring a code signing certificate, a secure hardware token setup, and the installation of software tools necessary for it.
Buy a Code Signing Certificate
A code signing certificate will be required for signing a digital signature to an Excel macro. A code signing certificate establishes you as the publisher or organization that certifies the code and forms a trust anchor for your digital signature.
This can be obtained through a CA trusted. The CA will perform identity verification and then provide the certificate based on the private key used to sign the macro or the public key used for signature verification.
Set Up a Secure Hardware Token
Private keys specifically employed for code signing activities must be secured on specialized hardware (USB token or hardware security module) after 2023. Secure hardware storage for private keys protects the key against unauthorized cybercrime access.
After acquiring a code signing certificate, the Certification Authority typically provides you with a secure USB token for keeping your private key safe.
Install Necessary Softwares
The signature creation process requires you to install particular software tools on your system. These include:
- Microsoft SignTool: The Windows Software Development Kit (SDK) contains a SignTool executable that executes file signing operations through command-line interfaces.
- Subject Interface Package (SIP): With this package, users can digitally sign their VBA projects in Excel.
- Microsoft Visual C++ Redistributable 2010: SignTool functions properly when the Microsoft Visual C++ Redistributable 2010 library gets installed by users.
Sign Excel Macros Using SignTool and CMD
1. Insert Your Secure Hardware Token
Before proceeding, ensure that your secure hardware token is plugged in. This allows the signing tool to recognize the private key residing on the token.
2. Open Command Prompt as Administrator
To bring up the Command Prompt with administrative privileges:
- Type "cmd" into the Windows search box.
- Right-click on Command Prompt and select Run as Administrator.
3. Navigate to the SignTool Directory
Copy the command given below and paste it. Get the Windows software development kit version number specifically installed on your device.
cd C:\Program Files (x86)\Windows Kits\10\bin\YourSDKVersion\x86Tip: The .dll files we've downloaded are 32-bit files. Hence, we've used the 32-bit version (x86) of SDK/SignTool, and you need to do the same.
If you've installed SDK into some other directory, use cd C:\ and append the correct file path.
4. Sign and Timestamp Your Macro Using SignTool
Open the SignTool signing command below and copy it. Edit the parts in bold to contain your timestamp server authority (TSA) info along with the file that contains your macro.
signtool sign /tr http://CAtimestamp.server.com /td SHA256 /fd SHA256 /a "C:\filepath\MyExcelFileWithMacro.xlsm"
Top comments (0)